Orchestrator 2020.10.2

We are on-prem.

When adding a new group user — just one user in a group, not an entire group — we specify the domain and then enter the user’s name. Behind the scenes the AD accounts are checked and the user is added. However, many of our users - especially those in the RPA COE and and the IT teams that support us - have TWO AD accounts in our directory. One is their standard AD account - the the one they use every day - for example, and Employee named Peter Parker would be EUR\PARKERP if he is in France. The second AD account that these users have are admin accounts - used only when they need to maintain something that requires admin access. If Peter Parker has an admin account too, it is configured like this: EUR\a_PARKERP.

If we add Mr. Parker as a group user, the AD account that is retrieved is the a_PARKERP account - most likely because it is first in the list when his name is queried.

However, he is not using that AD account 99% of the time and thus he cannot sign on using SSO to the Orchestrator.

When there is more than one AD account for the same name we need to be presented a list to CHOOSE the correct one.

In such cases, I think looking up with AD account instead of name should work precisely. So instead of Peter Parker you can use PARKERP.

We had similar issue (not updated data in AD) when we wanted to search one person with name, in AD she has maiden name, so it was impossible to find her, but when we used AD account, it works.

Hope this helps!